Commit 5a21cadb authored by Daniel Kahn Gillmor's avatar Daniel Kahn Gillmor Committed by Dr. Stephen Henson

use SSL_kDHE throughout instead of SSL_kEDH

DHE is the standard term used by the RFCs and by other TLS
implementations.  It's useful to have the internal variables use the
standard terminology.

This patch leaves a synonym SSL_kEDH in place, though, so that older
code can still be built against it, since that has been the
traditional API.  SSL_kEDH should probably be deprecated at some
point, though.
parent 75cb3771
+1 −1
@@ -179,7 +179,7 @@ attack and so their use is normally discouraged.

cipher suites using RSA key exchange, authentication or either respectively.

=item B<kEDH>
=item B<kDHE>

cipher suites using ephemeral DH key agreement.

+1 −1
@@ -6026,7 +6026,7 @@ one at a time, or use 'aliases' to specify the preference and order for
the ciphers.

There are a large number of aliases, but the most importaint are
kRSA, kDHr, kDHd and kEDH for key exchange types.
kRSA, kDHr, kDHd and kDHE for key exchange types.

aRSA, aDSS, aNULL and aDH for authentication
DES, 3DES, RC4, RC2, IDEA and eNULL for ciphers
+1 −1
@@ -491,7 +491,7 @@ int dtls1_accept(SSL *s)
#ifndef OPENSSL_NO_PSK
			    || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
#endif
			    || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
			    || (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
			    || (alg_k & SSL_kECDHE)
			    || ((alg_k & SSL_kRSA)
				&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
+4 −4
@@ -1656,7 +1656,7 @@ int ssl3_get_key_exchange(SSL *s)
		;
#endif
#ifndef OPENSSL_NO_DH
	else if (alg_k & SSL_kEDH)
	else if (alg_k & SSL_kDHE)
		{
		if ((dh=DH_new()) == NULL)
			{
@@ -2581,7 +2581,7 @@ int ssl3_send_client_key_exchange(SSL *s)
			}
#endif
#ifndef OPENSSL_NO_DH
		else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
		else if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
			{
			DH *dh_srvr,*dh_clnt;
			SESS_CERT *scert = s->session->sess_cert;
@@ -3469,7 +3469,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
		}
#endif
#ifndef OPENSSL_NO_DH
	if ((alg_k & SSL_kEDH) && 
	if ((alg_k & SSL_kDHE) && 
		!(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
		{
		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
@@ -3506,7 +3506,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
		else
#endif
#ifndef OPENSSL_NO_DH
			if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
			if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
			    {
			    if (dh == NULL
				|| DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+43 −43
@@ -430,7 +430,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
	SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aDSS,
	SSL_DES,
	SSL_SHA1,
@@ -446,7 +446,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
	SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aDSS,
	SSL_DES,
	SSL_SHA1,
@@ -462,7 +462,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
	SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aDSS,
	SSL_3DES,
	SSL_SHA1,
@@ -478,7 +478,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
	SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aRSA,
	SSL_DES,
	SSL_SHA1,
@@ -494,7 +494,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
	SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aRSA,
	SSL_DES,
	SSL_SHA1,
@@ -510,7 +510,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
	SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aRSA,
	SSL_3DES,
	SSL_SHA1,
@@ -526,7 +526,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	SSL3_TXT_ADH_RC4_40_MD5,
	SSL3_CK_ADH_RC4_40_MD5,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aNULL,
	SSL_RC4,
	SSL_MD5,
@@ -542,7 +542,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	SSL3_TXT_ADH_RC4_128_MD5,
	SSL3_CK_ADH_RC4_128_MD5,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aNULL,
	SSL_RC4,
	SSL_MD5,
@@ -558,7 +558,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	SSL3_TXT_ADH_DES_40_CBC_SHA,
	SSL3_CK_ADH_DES_40_CBC_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aNULL,
	SSL_DES,
	SSL_SHA1,
@@ -574,7 +574,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	SSL3_TXT_ADH_DES_64_CBC_SHA,
	SSL3_CK_ADH_DES_64_CBC_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aNULL,
	SSL_DES,
	SSL_SHA1,
@@ -590,7 +590,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	SSL3_TXT_ADH_DES_192_CBC_SHA,
	SSL3_CK_ADH_DES_192_CBC_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aNULL,
	SSL_3DES,
	SSL_SHA1,
@@ -930,7 +930,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
	TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aDSS,
	SSL_AES128,
	SSL_SHA1,
@@ -945,7 +945,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
	TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aRSA,
	SSL_AES128,
	SSL_SHA1,
@@ -960,7 +960,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_ADH_WITH_AES_128_SHA,
	TLS1_CK_ADH_WITH_AES_128_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aNULL,
	SSL_AES128,
	SSL_SHA1,
@@ -1023,7 +1023,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
	TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aDSS,
	SSL_AES256,
	SSL_SHA1,
@@ -1039,7 +1039,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
	TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aRSA,
	SSL_AES256,
	SSL_SHA1,
@@ -1055,7 +1055,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_ADH_WITH_AES_256_SHA,
	TLS1_CK_ADH_WITH_AES_256_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aNULL,
	SSL_AES256,
	SSL_SHA1,
@@ -1152,7 +1152,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
	TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aDSS,
	SSL_AES128,
	SSL_SHA256,
@@ -1219,7 +1219,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
	TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aDSS,
	SSL_CAMELLIA128,
	SSL_SHA1,
@@ -1235,7 +1235,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
	TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aRSA,
	SSL_CAMELLIA128,
	SSL_SHA1,
@@ -1251,7 +1251,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
	TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aNULL,
	SSL_CAMELLIA128,
	SSL_SHA1,
@@ -1320,7 +1320,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
	TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aDSS,
	SSL_DES,
	SSL_SHA1,
@@ -1352,7 +1352,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
	TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aDSS,
	SSL_RC4,
	SSL_SHA1,
@@ -1368,7 +1368,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
	TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aDSS,
	SSL_RC4,
	SSL_SHA1,
@@ -1386,7 +1386,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
	TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aRSA,
	SSL_AES128,
	SSL_SHA256,
@@ -1434,7 +1434,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
	TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aDSS,
	SSL_AES256,
	SSL_SHA256,
@@ -1450,7 +1450,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
	TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aRSA,
	SSL_AES256,
	SSL_SHA256,
@@ -1466,7 +1466,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_ADH_WITH_AES_128_SHA256,
	TLS1_CK_ADH_WITH_AES_128_SHA256,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aNULL,
	SSL_AES128,
	SSL_SHA256,
@@ -1482,7 +1482,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_ADH_WITH_AES_256_SHA256,
	TLS1_CK_ADH_WITH_AES_256_SHA256,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aNULL,
	SSL_AES256,
	SSL_SHA256,
@@ -1607,7 +1607,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
	TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aDSS,
	SSL_CAMELLIA256,
	SSL_SHA1,
@@ -1623,7 +1623,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
	TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aRSA,
	SSL_CAMELLIA256,
	SSL_SHA1,
@@ -1639,7 +1639,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
	TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aNULL,
	SSL_CAMELLIA256,
	SSL_SHA1,
@@ -1773,7 +1773,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
	TLS1_CK_DHE_DSS_WITH_SEED_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aDSS,
	SSL_SEED,
	SSL_SHA1,
@@ -1789,7 +1789,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
	TLS1_CK_DHE_RSA_WITH_SEED_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aRSA,
	SSL_SEED,
	SSL_SHA1,
@@ -1805,7 +1805,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_ADH_WITH_SEED_SHA,
	TLS1_CK_ADH_WITH_SEED_SHA,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aNULL,
	SSL_SEED,
	SSL_SHA1,
@@ -1857,7 +1857,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
	TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aRSA,
	SSL_AES128GCM,
	SSL_AEAD,
@@ -1873,7 +1873,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
	TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aRSA,
	SSL_AES256GCM,
	SSL_AEAD,
@@ -1921,7 +1921,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
	TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aDSS,
	SSL_AES128GCM,
	SSL_AEAD,
@@ -1937,7 +1937,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
	TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aDSS,
	SSL_AES256GCM,
	SSL_AEAD,
@@ -1985,7 +1985,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
	TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aNULL,
	SSL_AES128GCM,
	SSL_AEAD,
@@ -2001,7 +2001,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	1,
	TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
	TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
	SSL_kEDH,
	SSL_kDHE,
	SSL_aNULL,
	SSL_AES256GCM,
	SSL_AEAD,
@@ -4240,7 +4240,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
#endif

#ifndef OPENSSL_NO_DH
	if (alg_k & (SSL_kDHr|SSL_kEDH))
	if (alg_k & (SSL_kDHr|SSL_kDHE))
		{
#  ifndef OPENSSL_NO_RSA
		/* Since this refers to a certificate signed with an RSA
@@ -4255,7 +4255,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
#  endif
		}
	if ((s->version == SSL3_VERSION) &&
		(alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
		(alg_k & (SSL_kDHE|SSL_kDHd|SSL_kDHr)))
		{
#  ifndef OPENSSL_NO_RSA
		p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
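Review bot: The anonymous suites in this table (the `SSL3_CK_ADH_*` and `TLS1_CK_ADH_*` entries, paired with `SSL_aNULL`) carry `SSL_kDHE` just like the authenticated DHE suites, so a test on the `SSL_kDHE` key-exchange bit alone does not separate authenticated from unauthenticated ephemeral DH, and nothing in the renamed code says so. A comment beside the definition of the constant would make this explicit, for example `/* ephemeral DH key exchange; also set on anonymous (aNULL) DH suites */`. If the `kDHE` cipher-string alias is built from this bit, which this page does not show, its documentation entry could carry the same caveat. The behaviour is inherited from `SSL_kEDH`, so this is a documentation point rather than a regression. The `ssl3_ciphers[]` initialiser and `ssl3_get_req_cert_type` both extend beyond the hunks shown.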